Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/drivers/hid
History
Alan Stern 187d27cc7e HID: Fix assumption that devices have inputs 
commit d9d4b1e46d9543a82c23f6df03f4ad697dab361b upstream.

The syzbot fuzzer found a slab-out-of-bounds write bug in the hid-gaff
driver.  The problem is caused by the driver's assumption that the
device must have an input report.  While this will be true for all
normal HID input devices, a suitably malicious device can violate the
assumption.

The same assumption is present in over a dozen other HID drivers.
This patch fixes them by checking that the list of hid_inputs for the
hid_device is nonempty before allowing it to be used.

Reported-and-tested-by: syzbot+403741a091bf41d4ae79@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ica4d1b6adc1bcb30ce077f7d954cb8ba94bce730
 		2020-04-09 03:13:17 +02:00
..
i2c-hid HID: i2c-hid: Do not free buffers in i2c_hid_stop() 2019-07-27 22:11:08 +02:00
usbhid HID: hiddev: fix potential Spectre v1 2019-07-27 22:06:00 +02:00
Kconfig Import latest Samsung release 2017-04-18 03:43:52 +02:00
Makefile Import latest Samsung release 2017-04-18 03:43:52 +02:00
hid-a4tech.c
hid-apple.c
hid-appleir.c
hid-aureal.c
hid-axff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-belkin.c
hid-cherry.c HID: fix a couple of off-by-ones 2014-09-05 16:28:34 -07:00
hid-chicony.c
hid-core.c This is the 3.10.96 stable release 2017-04-18 17:16:02 +02:00
hid-cypress.c HID: hid-cypress: validate length of report 2019-07-27 21:43:43 +02:00
hid-debug.c HID: debug: fix race condition with between rdesc_show() and device removal 2019-07-27 22:10:41 +02:00
hid-dr.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-elecom.c
hid-emsff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-ezkey.c
hid-gaff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-generic.c
hid-gyration.c
hid-holtek-kbd.c
hid-holtekff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-hyperv.c
hid-icade.c
hid-ids.h Import latest Samsung release 2017-04-18 03:43:52 +02:00
hid-input.c HID: hid-input: Add parentheses to quell gcc warning 2019-07-27 21:42:01 +02:00
hid-kensington.c
hid-keytouch.c
hid-kye.c HID: Add a new id 0x501a for Genius MousePen i608X 2015-01-16 06:59:01 -08:00
hid-lcpower.c
hid-lenovo-tpkbd.c
hid-lg.c HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2 2019-07-27 21:44:06 +02:00
hid-lg.h
hid-lg2ff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-lg3ff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-lg4ff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-lgff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-logitech-dj.c HID: logitech-dj: prevent false errors to be shown 2014-10-05 14:54:08 -07:00
hid-logitech-dj.h HID: logitech-dj: prevent false errors to be shown 2014-10-05 14:54:08 -07:00
hid-magicmouse.c This is the 3.10.67 stable release 2015-04-24 18:04:40 -07:00
hid-microsoft.c
hid-monterey.c HID: fix a couple of off-by-ones 2014-09-05 16:28:34 -07:00
hid-multitouch.c
hid-ntrig.c hid: hid-ntrig: Fix input_configured function 2017-04-18 12:19:41 +02:00
hid-ortek.c
hid-petalynx.c HID: fix a couple of off-by-ones 2014-09-05 16:28:34 -07:00
hid-picolcd.h
hid-picolcd_backlight.c
hid-picolcd_cir.c
hid-picolcd_core.c HID: picolcd: sanity check report size in raw_event() callback 2014-10-05 14:54:08 -07:00
hid-picolcd_debugfs.c
hid-picolcd_fb.c
hid-picolcd_lcd.c
hid-picolcd_leds.c
hid-pl.c
hid-primax.c
hid-prodikeys.c
hid-ps3remote.c
hid-roccat-arvo.c
hid-roccat-arvo.h
hid-roccat-common.c
hid-roccat-common.h
hid-roccat-isku.c
hid-roccat-isku.h
hid-roccat-kone.c
hid-roccat-kone.h
hid-roccat-koneplus.c
hid-roccat-koneplus.h
hid-roccat-konepure.c
hid-roccat-konepure.h
hid-roccat-kovaplus.c
hid-roccat-kovaplus.h
hid-roccat-lua.c
hid-roccat-lua.h
hid-roccat-pyra.c HID: roccat: potential out of bounds in pyra_sysfs_write_settings() 2015-01-16 06:59:01 -08:00
hid-roccat-pyra.h
hid-roccat-savu.c
hid-roccat-savu.h
hid-roccat.c
hid-saitek.c
hid-samsung.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
hid-sensor-hub.c
hid-sjoy.c
hid-sony.c
hid-speedlink.c
hid-steelseries.c
hid-sunplus.c HID: fix a couple of off-by-ones 2014-09-05 16:28:34 -07:00
hid-synaptics-bt.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
hid-thingm.c
hid-tivo.c
hid-tmff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-topseed.c
hid-twinhan.c
hid-uclogic.c
hid-wacom.c
hid-waltop.c
hid-wiimote-core.c
hid-wiimote-debug.c
hid-wiimote-ext.c
hid-wiimote.h
hid-zpff.c HID: Fix assumption that devices have inputs 2020-04-09 03:13:17 +02:00
hid-zydacron.c
hidraw.c HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device 2019-07-27 21:52:17 +02:00
uhid.c HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges 2019-07-27 21:53:06 +02:00